// you're reading...


The hardest lock to break

Forget ultra-secure safes and mathematical keys, the best way to protect our most valuable data is by using quantum mechanics. Christopher White explains.

Criminals no longer need to swagger into banks like John Dillinger with their faces masked. Modern-day robbers are more likely to be armed with a degree in computer science than a tommy gun.

Last month, the consultancy Detica estimated the cost of cyber crime at £27bn – although that figure has been disputed by pressure group Straight Statistics – and the Government’s new defence strategy explicitly mentions electronic attacks. Your money or your life could still be at risk using even the smartest of encryption technologies.

Conventional encryption, such as what might be used protecting your online-banking transactions or the country’s national-security secrets, uses pure maths. A message containing secure government data or your bank details is transformed into “ciphertext”, the encoded, garbled, version of the message, for transmission, and then converted back upon receipt. Interception will produce only gibberish – unless it’s deciphered.

The only way to decipher the message is by using a “key” – another random string of letters or numbers. Like cracking the world’s most complicated safe in a heist movie, to uncrack the code you’d have to try every variation of the 128 letters and numbers – which would take a while.

Those 128 bit–long keys are usually considered secure even against attacks that can check all the possible keys.

But last year, an encryption used by some 3G networks was cracked by Israeli researchers within hours, allowing them to listen to your phone calls, in theory. Orr Dunkelman, one of the researchers from the Weizmann Institute of Science, says the networks are still considered safe because their technique “assumes that the adversary can obtain a lot of data, and that he can control the encryption keys to some extent”. So our private conversations are safe for now.

But it has encouraged businesses and governments to look for an alternative. Since an encrypted message has to be intercepted before it can be decoded, there is a solution found by abandoning maths for physics – specifically, for quantum mechanics and the world of the very, very small. At the smallest scales, strange things happen. Waves behave like particles, and vice–versa. One consequence of this is Heisenberg’s uncertainty principle and the notion that it is impossible to measure a system without disturbing it. With communications that take full advantage of this, any disturbance created by cyber-criminals’ eavesdropping is detectable and transmission can be cut off.

“Security comes from knowing you have been compromised, rather than the absolute integrity of the ‘safe’,” says Norman Apsley, vice–president for business and innovation at the Institute of Physics. “Quantum cryptography has been a goal for some time, but many were sceptical that it would ever become a reality.” A forthcoming report by the institute will show how far the science has come.

Andrew Shields, of Toshiba Research Europe, says: “The technique is based on sending secret digital keys across optical fibres using encoded single photons – particles of light – and so is technically very challenging.”

Toshiba and the National Physical Laboratory are working towards commercialisation, with products expected to fetch tens of thousands of pounds – the cost of a high-end firewall. “Ultimately, quantum cryptography could find widespread use in telecom networks,” Shields says. “In the near-term, it is most likely to find application in settings where information security is a high priority.” Settings such as security and defence.

This is good news for us, and bad news for Dillingers old and new. The laws of the universe and a little human ingenuity can foil the hardest and smartest of criminals.

Read "The hardest lock to break" at The Independent